J-school computers compromised

While the majority of the campus community slept late last Wednesday night, an unidentified computer hacker or cracker compromised several computer workstations in Ernie Pyle Hall for the purpose of sightseeing, according to University Information Technology Services. \nThe unauthorized access to the campus network was the equivalent of window shopping since the hacker or cracker did not obtain full control of any machines. As a result, very little student, faculty or University information was obtained and no computer technology was tampered with. \nHackers participate in Web page defacement, worm and virus development, and they transmit e-mail bombs through electronic connections. Crackers on the other hand, prefer dealing in computer code to erase and rewrite Web sites, while also denying legitimate business and service transactions over the internet. \nUITS is still investigating the situation while it works to resolve any unauthorized access abilities. \nIn an e-mail statement IU Information Technology Policy Officer Merri Beth Lavagnino acknowledged the difficulties University security personnel face in combating computer crime.\n"We recently discovered a misconfiguration on these machines and we also discovered that outside hackers or crackers also had discovered this flaw," Lavagnino said. "It isn't clear that they made use of what they discovered, but the misconfigurations are being fixed now so that they don't."\nUITS issued several stated warnings for students and faculty in regards to secure computer access in their e-mail newsletter, the Monitor, although some UITS officials worry the information is often overlooked and deleted without serious consideration. \nComputer hackers and crackers have been known to infiltrate computer networks, seize personal identity and financial information, and even destroy or damage installed programs, so the pressure to defend students and faculty is ongoing. \nChief IT Security and Policy Officer Mark Bruhn warned the campus community of recent trends in computer hacking and cracking. \n"There are many more computers nowadays, and at the same time the number of vulnerabilities is going up dramatically," Bruhn said. "The basic threat is automated probes if the machines are not secured with updated patches or protected by good passwords."\nAutomated probes crack passwords with brute force, usually by applying every word found in English and foreign language dictionaries. Once a password is obtained, the automated probe notifies the hacker or cracker of the vulnerability, and numerous computer workstations can be compromised. \nHackers and crackers usually desire untraceable space to store illegal goods, such as pirated computer programs, music and films. To accomplish this, they will gain access to a computer network through a flaw, rewrite the username and password, take control of the machine, and patch the computer to currency to prevent the user from discovering the siege. \nUITS advises users to create a password with deliberately misspelled words, a memorable quotation or a combination of words and letters.\nBruhn said he believes there are three major problems associated with personal computers wired into the University's network: weak passwords -- as with the Macs in the journalism school, unpatched machines and clicking on unknown attachments. He also believes the University network seems like the ideal environment for computer hackers or crackers due to the significant bandwidth, ample storage and perception of lacking security present at many colleges across the country.\n"Patches, patches, patches," Bruhn said. "Report any noticeably bad behavior on the part of your machine."\n-- Contact staff writer David A. Nosko at dnosko@indiana.edu.